Vulnerability-Lookup

BDU:2022-05173

Vulnerability from fstec - Published: 24.05.2022

Title

Уязвимость интерфейса командной строки (CLI) микропрограммного обеспечения сетевых устройств Zyxel, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость интерфейса командной строки (CLI) микропрограммного обеспечения сетевых устройств Zyxel связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Vendor

Zyxel Communications Corp.

Software Name

NXC2500, NXC5500, NAP203, NAP303, NAP353, NSG, USG, ZyWALL, USG FLEX, ATP, VPN, ZYXEL NWA50AX, ZYXEL NWA55AXE, ZYXEL NWA90AX, ZYXEL NWA110AX, ZYXEL NWA210AX, NWA1123-AC HD, NWA1123-AC PRO, ZYXEL NWA1123ACv3, NWA1302-AC, NWA5123-AC HD, ZYXEL WAC500H, ZYXEL WAC500, WAC5302D-S, ZYXEL WAC5302D-Sv2, WAC6103D-I, WAC6303D-S, WAC6502D-E, WAC6502D-S, WAC6503D-S, WAC6553D-E, WAC6552D-S, ZYXEL WAX510D, ZYXEL WAX610D, ZYXEL WAX630S, ZYXEL WAX650S

Software Version

до 6.10(AAIG.3) включительно (NXC2500), до 6.10(AAOS.3) включительно (NXC5500), до 6.25(ABFA.8) (NAP203), до 6.25(ABEX.8) (NAP303), до 6.25(ABEY.8) (NAP353), до 1.33 Patch 5 (NSG), до ZLD 4.72 (USG), до ZLD 4.72 (ZyWALL), до ZLD 5.30 (USG FLEX), до ZLD 5.30 (ATP), до ZLD 5.30 (VPN), до 6.25(ABYW.8) (ZYXEL NWA50AX), до 6.25(ABZL.8) (ZYXEL NWA55AXE), до 6.27(ACCV.3) (ZYXEL NWA90AX), до 6.30(ABTG.3) (ZYXEL NWA110AX), до 6.30(ABTD.3) (ZYXEL NWA210AX), до 6.25(ABIN.8) (NWA1123-AC HD), до 6.25(ABHD.8) (NWA1123-AC PRO), до 6.30(ABVT.3) (ZYXEL NWA1123ACv3), до 6.25(ABKU.8) (NWA1302-AC), до 6.25(ABIM.8) (NWA5123-AC HD), до 6.30(ABWA.3) (ZYXEL WAC500H), до 6.30(ABVS.3) (ZYXEL WAC500), до 6.10(ABFH.10) включительно (WAC5302D-S), до 6.25(ABVZ.8) (ZYXEL WAC5302D-Sv2), до 6.25(AAXH.8) (WAC6103D-I), до 6.25(ABGL.8) (WAC6303D-S), до 6.25(AASD.8) (WAC6502D-E), до 6.25(AASE.8) (WAC6502D-S), до 6.25(AASF.8) (WAC6503D-S), до 6.25(AASG.8) (WAC6553D-E), до 6.25(ABIO.8) (WAC6552D-S), до 6.30(ABTF.3) (ZYXEL WAX510D), до 6.30(ABTE.3) (ZYXEL WAX610D), до 6.30(ABZD.3) (ZYXEL WAX630S), до 6.30(ABRM.3) (ZYXEL WAX650S)

Possible Mitigations

Использование рекомендаций: https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

Reference

https://channel4it.com/editorials/zyxel-predupredila-o-mnozhestvennyh-uyazvimostyah-v-svoih-produktah.html https://www.securitylab.ru/news/531919.php https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml https://nvd.nist.gov/vuln/detail/CVE-2022-26531 http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html http://seclists.org/fulldisclosure/2022/Jun/15

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:P/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Zyxel Communications Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.10(AAIG.3) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (NXC2500), \u0434\u043e 6.10(AAOS.3) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (NXC5500), \u0434\u043e 6.25(ABFA.8) (NAP203), \u0434\u043e 6.25(ABEX.8) (NAP303), \u0434\u043e 6.25(ABEY.8) (NAP353), \u0434\u043e 1.33 Patch 5 (NSG), \u0434\u043e ZLD 4.72 (USG), \u0434\u043e ZLD 4.72 (ZyWALL), \u0434\u043e ZLD 5.30 (USG FLEX), \u0434\u043e ZLD 5.30 (ATP), \u0434\u043e ZLD 5.30 (VPN), \u0434\u043e 6.25(ABYW.8) (ZYXEL NWA50AX), \u0434\u043e 6.25(ABZL.8) (ZYXEL NWA55AXE), \u0434\u043e 6.27(ACCV.3) (ZYXEL NWA90AX), \u0434\u043e 6.30(ABTG.3) (ZYXEL NWA110AX), \u0434\u043e 6.30(ABTD.3) (ZYXEL NWA210AX), \u0434\u043e 6.25(ABIN.8) (NWA1123-AC HD), \u0434\u043e 6.25(ABHD.8) (NWA1123-AC PRO), \u0434\u043e 6.30(ABVT.3) (ZYXEL NWA1123ACv3), \u0434\u043e 6.25(ABKU.8) (NWA1302-AC), \u0434\u043e 6.25(ABIM.8) (NWA5123-AC HD), \u0434\u043e 6.30(ABWA.3) (ZYXEL WAC500H), \u0434\u043e 6.30(ABVS.3) (ZYXEL WAC500), \u0434\u043e 6.10(ABFH.10) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (WAC5302D-S), \u0434\u043e 6.25(ABVZ.8) (ZYXEL WAC5302D-Sv2), \u0434\u043e 6.25(AAXH.8) (WAC6103D-I), \u0434\u043e 6.25(ABGL.8) (WAC6303D-S), \u0434\u043e 6.25(AASD.8) (WAC6502D-E), \u0434\u043e 6.25(AASE.8) (WAC6502D-S), \u0434\u043e 6.25(AASF.8) (WAC6503D-S), \u0434\u043e 6.25(AASG.8) (WAC6553D-E), \u0434\u043e 6.25(ABIO.8) (WAC6552D-S), \u0434\u043e 6.30(ABTF.3) (ZYXEL WAX510D), \u0434\u043e 6.30(ABTE.3) (ZYXEL WAX610D), \u0434\u043e 6.30(ABZD.3) (ZYXEL WAX630S), \u0434\u043e 6.30(ABRM.3) (ZYXEL WAX650S)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.05.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.08.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.08.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05173",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-26531",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NXC2500, NXC5500, NAP203, NAP303, NAP353, NSG, USG, ZyWALL, USG FLEX, ATP, VPN, ZYXEL NWA50AX, ZYXEL NWA55AXE, ZYXEL NWA90AX, ZYXEL NWA110AX, ZYXEL NWA210AX, NWA1123-AC HD, NWA1123-AC PRO, ZYXEL NWA1123ACv3, NWA1302-AC, NWA5123-AC HD, ZYXEL WAC500H, ZYXEL WAC500, WAC5302D-S, ZYXEL WAC5302D-Sv2, WAC6103D-I, WAC6303D-S, WAC6502D-E, WAC6502D-S, WAC6503D-S, WAC6553D-E, WAC6552D-S, ZYXEL WAX510D, ZYXEL WAX610D, ZYXEL WAX630S, ZYXEL WAX650S",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Zyxel, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Zyxel \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u041f\u043e\u043b\u043d\u044b\u0439 \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0432\u0435\u0440\u0441\u0438\u0439 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 ZyXEL USG, ZyXEL USG VPN, ZyWALL \u0438 ZyWALL VPN \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://channel4it.com/editorials/zyxel-predupredila-o-mnozhestvennyh-uyazvimostyah-v-svoih-produktah.html\nhttps://www.securitylab.ru/news/531919.php\nhttps://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26531\nhttp://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html \nhttp://seclists.org/fulldisclosure/2022/Jun/15",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,2)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

CVE-2022-26531 (GCVE-0-2022-26531)

Vulnerability from cvelistv5 – Published: 2022-05-24 00:00 – Updated: 2024-08-03 05:03

Summary

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

Zyxel

References

URL

Tags

	https://www.zyxel.com/support/multiple-vulnerabil…
	http://seclists.org/fulldisclosure/2022/Jun/15	mailing-list
	http://packetstormsecurity.com/files/167464/Zyxel…
	http://packetstormsecurity.com/files/177036/Zyxel…

Impacted products

Vendor

Product

Version

Zyxel

USG/ZyWALL series firmware

Affected: 4.09 through 4.71

Zyxel	USG FLEX series firmware	Affected: 4.50 through 5.21
Zyxel	ATP series firmware	Affected: 4.32 through 5.21
Zyxel	VPN series firmware	Affected: 4.30 through 5.21
Zyxel	NSG series firmware	Affected: 1.00 through 1.33 Patch 4
Zyxel	NXC2500 firmware	Affected: <= 6.10(AAIG.3)
Zyxel	NAP203 firmware	Affected: <= 6.25(ABFA.7)
Zyxel	NWA50AX firmware	Affected: <= 6.25(ABYW.5)
Zyxel	WAC500 firmware	Affected: <= 6.30(ABVS.2)
Zyxel	WAX510D firmware	Affected: <= 6.30(ABTF.2)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:03:33.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
          },
          {
            "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "USG/ZyWALL series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "4.09 through 4.71"
            }
          ]
        },
        {
          "product": "USG FLEX series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "4.50 through 5.21"
            }
          ]
        },
        {
          "product": "ATP series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "4.32 through 5.21"
            }
          ]
        },
        {
          "product": "VPN series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "4.30 through 5.21"
            }
          ]
        },
        {
          "product": "NSG series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00 through 1.33 Patch 4"
            }
          ]
        },
        {
          "product": "NXC2500 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.10(AAIG.3)"
            }
          ]
        },
        {
          "product": "NAP203 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.25(ABFA.7)"
            }
          ]
        },
        {
          "product": "NWA50AX firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.25(ABYW.5)"
            }
          ]
        },
        {
          "product": "WAC500 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.30(ABVS.2)"
            }
          ]
        },
        {
          "product": "WAX510D firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.30(ABTF.2)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T18:05:56.732Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
        },
        {
          "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
        },
        {
          "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2022-26531",
    "datePublished": "2022-05-24T00:00:00.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:03:33.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-05173

CVE-2022-26531 (GCVE-0-2022-26531)

Tags

Sightings

Nomenclature